Security+ 701
Layer 7
Application layer
Which of the following terms BEST describes the validation of the accuracy and thoroughness of compliance-related reports? Attestation Regulatory examination Independent third-party audit Internal assessment
Attestation
Which of the following BEST explains the difference between an Agent-based and Agentless NAC?
C. Agent-based NACs use additional software to authenticate users, while Agentless NACs use network-level protocols to authenticate users.
Reginald, an IT Manager, is the owner of a file on a server and wants to grant his colleagues access to the file. He is the only one who can decide who is allowed access to the file and what actions they can perform on it. Which authorization model is being used in this scenario? RBAC MAC DAC ABAC
DAC (Discretionary access control)
At Kelly Innovations LLC, Susan has been entrusted with determining the purposes and means of processing personal data for the organization's new marketing campaign. She decides what data to collect, how long it will be retained, and with whom it will be shared. Which of the following BEST describes the role Susan is playing? Data Controller Data Processor Data Custodian Data Subject
Data Controller
Which mitigation technique involves shutting off specific entry and exit points in a system to prevent potential vulnerabilities or unauthorized access? Encryption Monitoring Segmentation Disabling ports
Disabling ports
Which of the following hardware issues results from products that are no longer being made or supported, but are still usable? Hardware tampering End-of-life vulnerability Hardware cloning Legacy vulnerability
End-of-life vulnerability
Which of the following statements BEST explains the importance of environmental variables in regard to vulnerability management? Environmental variables are factors that impact the physical security of an organization's premises Environmental variables refer to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis Environmental variables are specific conditions that trigger an automated response when a vulnerability is detected in an organization's systems Environmental variables are parameters used in vulnerability scanning tools to assess the security posture of an organization's network and infrastructure
Environmental variables refer to the unique characteristics of an organization's infrastructure that can affect vulnerability assessments and risk analysis
Dion Training is considering a collaboration with a new IT service vendor. To ensure compliance and adherence to industry standards, Dion Training wishes to see verifiable evaluations of the vendor's security controls and practices. Which of the following would provide Dion Training with insights into the vendor's own internal evaluations of their security measures? Regulatory compliance certificates Evidence of internal audits External penetration test reports Customer testimonials
Evidence of internal audits
Which of the following BEST describes an approach where the foundational systems are set up and overseen using scripts and automated instruments instead of hands-on methods? Microservices architecture Air-gapped network IaC Serverless architecture
IaC (Infrastructure as Code)
A drone manufacturer employs a real-time operating system (RTOS) to ensure timely task executions. While optimizing for real-time performance, which of the following security concerns might arise? Uncontrolled cloud access. Lack of legacy protocol support. Overhead from virtualization. Inadequate buffer overflow protections.
Inadequate buffer overflow protections.
Which of the following BEST describes the Software Development Life Cycle (SDLC) in application security? It only considers security during the testing and creation phases of software development. It replaces the need for regular software updates and patches. It emphasizes the integration of security in software creation and maintenance. It primarily focuses on the speed of software delivery over security.
It emphasizes the integration of security in software creation and maintenance.
Kelly Innovations Corp, an IT company, is implementing a process of encryption where two parties establish a shared secret for communication purposes. Which of the following BEST describes this process? Hashing Key exchange Asymmetric encryption Symmetric encryption
Key exchange
Which of the following terms refers to a critical predictive metric that organizations monitor to foresee potential risks and their impact on operations? Risk metrics Risk threshold Risk parameters Key risk indicators
Key risk indicators
Kelly Innovations LLC wants to implement a network appliance that focuses on filtering traffic based on source and destination IP addresses, and port numbers. Which layer of the OSI model is this appliance primarily operating at?
Layer 4
A power plant utilizes a specialized system to manage and monitor its daily operations, including machinery and sensor feedback. While these systems offer centralized control, what security concern is most associated with them? Constrained memory use. Limited security update capabilities. Runtime efficiency constraints. Optimization for containerized deployments.
Limited security update capabilities.
Which method accurately demonstrates the authentication process used in WPA2 Personal mode? Password Authenticated Key Exchange (PAKE). QR codes for client device configuration. Using a passphrase to generate a pairwise master key (PMK). Dragonfly handshake with a MAC address hash.
PMK
When sending an encrypted message to Dion Training, a client would use which of the following to ensure only Dion Training can decrypt and read the message? Wildcard certificate Key escrow Public key Private key
Public Key
Within the IT department, Sarah has been designated to oversee the security measures for the new data management platform. She is accountable for the regular review of security protocols and responding to any breaches or vulnerabilities that may arise. Sarah's role would be BEST described by which of the following terms? Risk indicator Risk register Risk assessor Risk owner
Risk Owner
The executive team at a software development firm decides that any project with a potential financial impact greater than $500,000 due to a security incident will require an immediate review and intervention. This financial impact figure represents which of the following in risk management? Risk level Risk limit Risk tolerance Risk threshold
Risk threshold
Port 1433
SQL Database
Which of the following vulnerabilities BEST describes a situation where a threat actor can manipulate data after it has been verified by an application, but before the application uses it for a specific operation? Resource exhaustion Memory leaks Race conditions Time-of-check (TOC)
Time of Check
Which of the following BEST describes the primary purpose of archiving as a method to bolster security monitoring? To provide an external backup in case of system crashes To analyze real-time threats and mitigate them instantly. To provide historical insights into security incidents for future investigations. To maintain compliance with regulations without needing long-term data storage.
To provide historical insights into security incidents for future investigations.
When considering the RSA algorithm, which description BEST captures its underlying mathematical property used for public key cryptography? Trapdoor function Symmetric encryption Hash function Digital signature
Trapdoor function
Given the need for resilience and the ability to recover in a security architecture, which of the following devices ensures uninterrupted operation during a power outage? Uninterruptible power supply (UPS) Power Strip Onsite/offsite backups Voltage Regulator
Uninterruptible power supply (UPS)
For ensuring the security of an HTTP application like WordPress or Magento against threats like SQL injection or cross-site scripting, which monitoring tool or method would be MOST appropriate? Web application firewall (WAF) Antivirus software Host-based intrusion detection system (HIDS) NetFlow
Web application firewall
What element of backup strategy involves making data copies regularly at set intervals? Replication Frequency Load balancing Journaling
Frequency
Lexicon, an AI company, wants to implement a security measure to identify and evaluate potential threats to their systems and networks. Which of the following is an example of a managerial security control that the company could implement? Risk assessments Firewall Intrusion detection system Security guards
Risk assessment
What term refers to an organization's predetermined level of acceptable risk exposure? Exposure factor Risk appetite Conservative Risk tolerance
Risk tolerance
Log aggregation
The process of collecting, standardizing, and consolidating log data from across an IT environment in order to facilitate streamlined log analysis.
SD-WAN
• Software Defined Networking in a Wide Area Network - A WAN built for the cloud
• The data center used to be in one place - The cloud has changed everything
• Cloud-based applications communicate directly to the cloud - No need to hop through a central point